Move VLAN interface between bond

Hi,

I have an R80.10 with ClusterXL; my configuration is simple: 2 bond interfaces and several VLAN interfaces on both bond interfaces.
I need to move/reconfigure a VLAN interface from the internal bond to the external bond without going out of service.
I tried this sequence:
- on the standby node, delete the VLAN interface from the source bond, add the VLAN interface to the destination bond, and configure the same IP.
- in SmartConsole, get interfaces with topology; I see a change of interface name, so the active node has bond1.10 while the standby node has bond2.10
- install policy
- reconfigure the switch
- a test ping between nodes on the changed VLAN interface works without issues, so the configuration is correct.
The expected result is that the cluster continues to work so I can switch traffic, but the standby node goes down and doesn't come back up. I tried cpstop and cpstart. cphaprob -a if on the standby node doesn't show the moved VLAN interface.
Which is the best procedure for this simple operation? Can I temporarily disable monitoring on that interface?

Re: Move VLAN interface between bond

I had a similar issue yesterday moving VLAN interfaces between bond groups, and the passive security gateway in the cluster remained down. After troubleshooting for a while, I found that the Cisco switch connected to both security gateways did not have some of the VLANs configured on the trunk interface to one of the bond groups (the "switchport trunk allowed vlan 10, 20, x, x" command in interface configuration mode on the switch). Once I added the missing VLANs to the trunk on the switch side, the passive security gateways changed from down to standby.
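
The trunk check described in the reply above, as an added example that is not part of either post: it compares the VLAN tags of the gateway's bond sub-interfaces against the `switchport trunk allowed vlan` lists on the switch ports facing each bond. The switch configuration, the port names and the bond-to-port mapping are constructed for illustration.

```python
import re

# Constructed sample of switch trunk configuration (not taken from the thread).
SWITCH_CONFIG = """\
interface Port-channel1
 switchport mode trunk
 switchport trunk allowed vlan 10,20,30-32
interface Port-channel2
 switchport mode trunk
 switchport trunk allowed vlan 20,40
 switchport trunk allowed vlan add 50-51
"""

def parse_vlan_list(text):
    """Expand '10,20,30-32' into {10, 20, 30, 31, 32}."""
    vlans = set()
    for part in text.replace(" ", "").split(","):
        if part:
            lo, _, hi = part.partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def allowed_vlans(config):
    """Map each switch interface to the VLAN set allowed on its trunk."""
    allowed, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s+switchport trunk allowed vlan\s+(add\s+)?([\d,\-\s]+)$", line)
        if m and current:
            vlans = parse_vlan_list(m.group(2))
            # 'add' extends the existing list; without it the list is replaced.
            allowed[current] = (allowed.get(current, set()) | vlans) if m.group(1) else vlans
    return allowed

def missing_vlans(gateway_ifaces, bond_to_port, config):
    """Return {vlan_iface: switch_port} where the tag is not allowed on the trunk."""
    allowed = allowed_vlans(config)
    missing = {}
    for iface in gateway_ifaces:
        bond, _, tag = iface.partition(".")
        port = bond_to_port[bond]
        # A trunk with no allowed-vlan line permits all VLANs by default.
        if port in allowed and int(tag) not in allowed[port]:
            missing[iface] = port
    return missing
```

Running it before the policy install, with the interface names the standby node will have after the move, shows which trunk still needs the VLAN added.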